I have a Windows 2000 Domain controller with Terminal Server installed on it. I understand that running TS on a DC is not recommended, but I have to use what I have available.
My question is how do I lockdown a user with a GPO when they log on remotely and not when they log in over the LAN.
I would like one GPO to be applied when the user logs in from the office and another when they log in from offsite.
Thanks for you help.

Answer Wiki

Could you take advantage of slow link detection settings on the GPO to set the threshold for the application of the machine and user policies higher assuming the remote connections are not high speed? default is 500 KB I think.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your response...

Discuss This Question: 3 &nbspReplies

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

I have found in my experience that running TS in a windows 2000 domain can only be done on the DC otherwise you will have all sorts of troubles especially with TS CALS...
Why dont you make just make it local group policy.

Listen,
If you are runnig TS on a DC, it means you're running it in administration mode, wich is not recomended because useres will still have administration priviledeges thoug they're part of a GPO. I strongly advise to run TS on a different server. The only inconvient is you have to buy a extra license of Windows 2000/2003 server and of course the TS cal.
Best regards

If you are running Windows 2000 Server (not Windows 2003), it is not necessary to leave terminal services in administration mode. You can enable full Terminal Server mode with no problems.
You can make sure that the server is in the Active Directory "Domain Controllers" group. Then you can set the "user" section of the default domain controllers policy to lock down users.
Terminal Server Client Access Licenses for Windows 2000 are included in Windows 2000 and Windows XP. You would need to purchase TS Cals for Windows 95/98/me clients, if you have any who need to access the terminal server.
I ran a Windows 2000 terminal server with about 20 users, and Exchange 2000 for a few years. Just be sure that you have plenty of memory (2GB worked well for my server).

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

Ask a Question

Free Guide: Managing storage for virtual environments

Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!

To follow this tag...

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy